On Thu, Oct 1, 2015 at 2:12 AM, Ad Strack van Schijndel <
ad.strackvanschijn...@gmail.com> wrote:
> Hi Chris,
>
> Thanks for your answer! One thing I don't understand is about the XFO
> headers.
> Do we have to add them or is it a condition that we don't have them?
>
You should add them.
Hi Chris,
Thanks for your answer! One thing I don't understand is about the XFO headers.
Do we have to add them or is it a condition that we don't have them?
Ad
On 30 Sep 2015, at 17:48, Chris Steipp wrote the following:
Hi Ad,
There are some security
I don't know your language at all, please send the letters in Lithuanian!
On 30 Sep 2015 at 20:22, "Chris Steipp" wrote:
> There is a slight difference in the ux if you're using pushState vs
> actually going to the page, so I think it would be noticed. But agree, I
> should probably have
There is a slight difference in the ux if you're using pushState vs
actually going to the page, so I think it would be noticed. But agree, I
should probably have said "make it more difficult".
On Wed, Sep 30, 2015 at 9:50 AM, Daniel Friesen
wrote:
> Bug? There is
On 2015-09-30 8:48 AM, Chris Steipp wrote:
> * We disable site and user .js on Special:UserLogin, so a malicious admin
> can't add password sniffing javascript to the login page
Note that you can make use of pushState to render this protection moot
for anyone who clicks the login link instead of
Hi Ad,
There are some security considerations if you're going to do that:
* We disable site and user .js on Special:UserLogin, so a malicious admin
can't add password sniffing javascript to the login page
* We disable framing the page to prevent various redressing attacks
* If your site is mixed
Can you provide any documentation on the details of this exploit?
On Wed, Sep 30, 2015 at 12:50 PM, Daniel Friesen wrote:
> Bug? There is nothing that can be fixed.
>
> You just have to accept that as long as the login page is on the same
> domain as site scripts,
Hi,
Is there a way to embed the login and/or the account creation on normal pages?
I would like to have the possibility to log in in a sidebar as long as the user
is anonymous. So that there are no extra clicks to log in.
I'm sure if there isn't, there is a very good reason for that and I would